Cryptography-Digest Digest #960, Volume #12      Thu, 19 Oct 00 16:13:00 EDT

Contents:
  Re: Q: Message length in RSA (Tom St Denis)
  Re: RSA codes (Tom St Denis)
  Re: What is desCDMF? (Tom St Denis)
  Re: What is desCDMF? (Richard Heathfield)
  Re: RSA codes (Stephan T. Lavavej)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (David Schwartz)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (nemo outis)
  Re: Which "password" is best. (wtshaw)
  Re: Looking for small implementation of an asymmetric encryption  (Mike Rosing)
  Re: DLL TripleDES and MD5 on Win32 (Daniel Leonard)
  Re: Which "password" is best. (jungle)
  Re: DLL TripleDES and MD5 on Win32 (Ichinin)
  Re: RSA codes (Bob Silverman)
  Entropy and RC4 ("George Gordon")
  Re: DLL TripleDES and MD5 on Win32 ("norman")
  Re: Which "password" is best. (Tom St Denis)
  Re: What is desCDMF? (Tom St Denis)
  Re: RSA codes (Tom St Denis)
  Re: RSA codes (Bryan Olson)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Q: Message length in RSA
Date: Thu, 19 Oct 2000 16:58:16 GMT

In article <8smu9r$vdm$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <8smnia$plv$[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]>,
>
> > > I have a question regarding RSA signing and encrypting.
> > > If I take a 160 bit SHA-1 hash and sign it with my private key (1024
> > > bits), how long is the signature going to be?
> > > And if I encrypt another message (some session key) which is e.g. 256
> > > bits long? How long is this message going to be?
> > > Is there a difference in the length of my private key and my public
> > > key?
>
> A clarification:
> There are two components to each of these keys. The public key
> is (N,e),  the private key is (N,d).  [although N is redundant in the
>  second case]
>
> One typically (and loosely) refers to the length of the public key as
> the length of N while the length of the private key is generally
> considered to be the length of d, even though both keys have more than
> one component.
>
> > > Everybody speaks about 1024 bit keys, but I read somewhere that both
> > > lengths are different. Is this true?
> >
> > Arrg... so many misconceptions so little time.
> >
> > If your RSA modulus is 'n-bits' long then all of the RSA messages
> > are 'n-bits' long regardless of how many bits you fill up.  For example
> > decrypting (signing) the 160-bit hash can be considered as signing 160-
> > bit hash + n-160 bits of padding.  The result is always n-bits long.
> >
> > Your RSA private key is the decryption exponent and is the same size as
> > well.  Your RSA public key will most likely consist of the encryption
> > exponent (257 or 65537) and the modulus.
>
> Tom does it again. Opens his mouth in ignorance and puts his foot in it.
> When will he learn??? Tom, do us all a favor and SHUT UP until you learn
> this material.

Cuz I speak from a practical standpoint.

> (1) Contrary to Tom's claim, all encrypted messages are NOT n bits long.
> m^e mod N  will be n-1 bits with probability approximately 1/2,  will
> be n-2 bits with probability 1/4, etc. Indeed, some standards allow
> or require m^e mod N to be replaced with N - m^e mod N,  whichever is
> smaller, so in fact the final message or signature is ALWAYS 1 bit less
> than the modulus (X9.31 for example)

Yes yes. 2 messages will be 1 bit long, 4 will be 2 ... etc.

Generally in "C = m^e mod n" we consider "C" to be a log2(n) bit
number, since most of the time it requires that many bits.

Technically you're right that some "C"'s can be encoded in fewer bits,
but I doubt the OP really cared about the stats.

> (2) Similarly, the private exponent need not be exactly n bits long. If
> e is the public exponent, the private key must be at least n - lg(e)
> bits long, but can be shorter than n bits. [lg = log base 2] It need
> not always be n bits.

Generally however if 'e' is small 'd' is large.  In most cases I have
seen it's about the same length (in decimal digits) as 'n'.  I am sorry
if in 2^-1000 cases it's smaller...

There is a huge difference between "exact" and "in general".

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
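
The message-length and exponent-length question argued above, worked in code. This is an added example, not code from the digest or from either poster: it builds a constructed toy key from two Mersenne primes (chosen only so the run is reproducible; special-form primes like these are unsuitable for real keys), encrypts a few thousand random messages, and compares the observed ciphertext bit lengths with the exact fractions a value uniform in [0, N) would give. Because this N sits just below 2^150, about half the ciphertexts use all 150 bits, a quarter use 149, and so on; the exact fractions depend on where N falls between 2^(n-1) and 2^n. It also reports the bit length of d, which is bounded below by roughly n - lg(e) but is not fixed at n.

```python
# Added example (not from the digest): how long is "C = m^e mod N" really,
# and how long is d?  Toy key built from two Mersenne primes, a constructed
# choice made only for reproducibility; never use special-form primes for real keys.
import random

P = (1 << 61) - 1   # 2^61 - 1, a Mersenne prime (constructed toy key)
Q = (1 << 89) - 1   # 2^89 - 1, a Mersenne prime
E = 65537           # the usual public exponent


def toy_rsa_key():
    """Return (N, e, d) for the constructed toy key above."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)           # modular inverse (Python 3.8+)
    return n, E, d


def expected_fraction(n, k):
    """Exact probability that a value uniform in [0, n) has bit length k."""
    lo = 1 << (k - 1)             # smallest k-bit value
    hi = min(1 << k, n)           # one past the largest k-bit value below n
    return max(hi - lo, 0) / n


def ciphertext_length_histogram(n, e, samples=4000, seed=2000):
    """Encrypt `samples` random messages and count ciphertext bit lengths."""
    rng = random.Random(seed)     # seeded so the run is reproducible
    hist = {}
    for _ in range(samples):
        m = rng.randrange(1, n)
        c = pow(m, e, n)
        hist[c.bit_length()] = hist.get(c.bit_length(), 0) + 1
    return hist


def roundtrip(n, e, d, m):
    """Sanity check that the toy key actually encrypts and decrypts."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    n, e, d = toy_rsa_key()
    print(f"N: {n.bit_length()} bits, e: {e.bit_length()} bits, d: {d.bit_length()} bits")
    hist = ciphertext_length_histogram(n, e)
    for k in sorted(hist, reverse=True)[:4]:
        print(f"{k}-bit ciphertexts: {hist[k] / 4000:.3f} observed, "
              f"{expected_fraction(n, k):.3f} expected")
```

The histogram is the thing to look at: a fixed-width encoding (always n bits, as the standards require on the wire) and the bit length of the integer itself are different questions, which is what the two posters were talking past each other about.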

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA codes
Date: Thu, 19 Oct 2000 16:59:11 GMT

In article <8smnpu$pvv$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <8smnbo$pjg$[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> > In article <8smm3b$op0$[EMAIL PROTECTED]>,
> >   [EMAIL PROTECTED] wrote:
> > > Just a small question. RSA relies on people not being able to work out
> > > the prime numbers that were used to generate the keys right? Well,
> > > can't we just adapt the knapsack solution to break the key down into
> > > its parts.
> >
> > Actually it relies on the difficulty of finding logarithms modulo
> > the composite.
> >
> > I fail to see how the "knapsack problem" applies...
>
> This last comment does not surprise me. Tom often comments
> on subjects for which he has inadequate knowledge.
>
> The lattice basis reduction attacks on knapsack can be adapted
> to factoring the modulus.  But they are much more inefficient than
> existing sieve methods.

Unless 'N = (P^r)(Q)' for large r.....

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?
Date: Thu, 19 Oct 2000 17:00:42 GMT

In article <8sms8a$sno$[EMAIL PROTECTED]>,
  "Yonghan, Yoon" <[EMAIL PROTECTED]> wrote:
> What is Commercial Data Mask Facility?
>
> How to implement a 40-bit DES key?
>
>

Why the heck would you use a 40-bit key?  That's like asking "can you
steal my messages".  Why not just not use a key at all?

Tom



------------------------------

Date: Thu, 19 Oct 2000 18:22:23 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?

Tom St Denis wrote:
> 
> In article <8sms8a$sno$[EMAIL PROTECTED]>,
>   "Yonghan, Yoon" <[EMAIL PROTECTED]> wrote:
> > What is Commercial Data Mask Facility?
> >
> > How to implement a 40-bit DES key?
> >
> >
> 
> Why the heck would you use a 40-bit key?  That's like asking "can you
> steal my messages".  Why not just not use a key at all?

I can think of three reasons without particularly trying:

1) Newbie-level study of cryptanalytic techniques. This makes even a
monoalphabetic sub or Vigenere cipher worth doing.
2) An informal competition among friends.
3) 'Kid sister' cryptography (i.e. a not very threatening* threat model).

[*Unless, like one guy I know of, your kid sister happens to be a
cryptanalyst at GCHQ!]

-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: stl/*This_is_a_comment*[EMAIL PROTECTED] (Stephan T. Lavavej)
Subject: Re: RSA codes
Date: Thu, 19 Oct 2000 17:20:45 GMT

On Thu, 19 Oct 2000 11:53:29 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>In article <8smm3b$op0$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] wrote:
>> Just a small question. RSA relies on people not being able to work out
>> the prime numbers that were used to generate the keys right? Well,
>> can't we just adapt the knapsack solution to break the key down into
>> its parts.
>
>Actually it relies on the difficulty of finding logarithms modulo
>the composite.
>
>I fail to see how the "knapsack problem" applies...
>
>Tom
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.

Um, RSA relies on factoring, while DH relies on the discrete log
problem, no?  I was unaware that one had been proven to be equivalent
to the other, although I do think that they're considered to be around
the same level of difficulty.
-*---*-------
Stephan T. Lavavej
http://quote.cjb.net
stl/*This_is_a_comment*[EMAIL PROTECTED]

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Thu, 19 Oct 2000 10:30:39 -0700


Scott Craver wrote:

> >Are you sure the exact specification of this version of the Enigma
> >is public information?
> 
>         As unusual as it may be, it is a rotor-type machine.  Cracking rotor-machine
>         cryptotext is easy nowadays.  Even if some non-public details were needed to
>         simulate it, it is difficult to imagine why someone would make such a risky
>         move as stealing it, rather than asking the museum for the details.

        It's easy if all you don't know is the key, brute forcing it is
equivalent to breaking about a 19-bit key. If you don't know how the
wheels are wired it's much harder. Breaking the four-rotor enigma by
brute force is basically impossible. Each individual rotor could be
hooked up in 26 factorial ways.
 
> >It might make an intriguing story if there are many Enigma encryptions that are held
> >by the government hidden away or forgotten somewhere that might contain clues to
> >hidden Nazi treasure.
> 
>         I wasn't expecting these kinds of theories to pop up as a result of the
>         theft.  But they are very silly.  The idea that the machine was stolen to
>         decrypt some ancient document, in our day and age of fast computers that
>         could just simulate and brute-force the machine, can only spring from
>         misunderstanding about the difficulty of cryptography then and now.

        Try to brute force the machine. Remember, for each of the 26^4 possible
keys, you have (26!)^4 possible rotor hookups. Break, yes. Brute force,
no. As far as I know, the rotor wirings were never made public.

        DS

------------------------------

From: [EMAIL PROTECTED] (nemo outis)
Subject: Re: BIOS password, will it protect PC with PGPDisk against tampering ?
Date: Thu, 19 Oct 2000 17:31:16 GMT

I might point out that there may be a *lot* of work to do to get the initial 
"known-good" state.   

It's best if you install everything onto a newly formatted drive using
trusted sources (e.g., original-issue manufacturers' CDs, although it is
possible that even these have back-doors available to three-letter-acronym
(TLA) opponents).

It is much more difficult if you "inherit" a machine with software already 
preloaded.  It may be possible to verify file hashes for popular software 
with signatures derived from a machine in a different environment (e.g., a 
friend's at a different company).  Checking for software keyloggers, etc. 
requires some power-user or even hacking skills. In general your verification 
will be partial and your security thus very limited.

And you must do a full case-and-keyboard-open hardware check.

Regards,



In article , [EMAIL PROTECTED] (nemo outis) wrote:
>If you cannot keep a computer (or at least its hard disk) physically secure at 
>all times (perhaps in a work environment) then here are some suggestions:
>
..snip...

>Regards,
>

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Which "password" is best.
Date: Thu, 19 Oct 2000 11:32:41 -0600

In article <8slnur$22d$[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:

> In article <[EMAIL PROTECTED]>,
>   "Frog2000" <[EMAIL PROTECTED]> wrote:
> > I have tried to get some random-passwords generated.  In picking a password, which
> > one of the 2 below would you choose, and why?

> > Password 1
> >
> > 0n~gv3,1=bBz&!LalIweDx(JQ$_\jN@u:O%X^t}p#SV?y]2T7GW+odYRc
> >
> > Password 2
> >
> > RrL?tJc_'A=an3V~$e(;:+vo@Tl24%yqm!\FSXKpz&DW^#5HIN
> 
> Neither.
> 
> Tom
> 
The use of a password/passphrase is based on it being both obscure and
rememberable.  The use of a 26 character permutation, an option for a
constant sized string, could be based on a pangram, harvesting each
different letter in order.
-- 
52) *Part of job is making whimsical, zippy, and vexing key sequences.

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Looking for small implementation of an asymmetric encryption 
Date: Thu, 19 Oct 2000 12:53:45 -0500

[EMAIL PROTECTED] wrote:
> The max size of the packet sent from the device is actually only 49
> bits. I can send infrequent 13-bit messages to the device. The device is
> left alone and an attacker could access it and its memory although the
> devices will be spread out over a large area so it would be difficult to
> visit all of them.

Can you transmit larger packets?  If you send 128 bit blocks for example
for every exchange, you increase your security by a lot.

> 
> Secrecy is my primary concern. Authentication would be nice but most of
> the bits are needed for the payload. The information is timely and need
> only be kept secret for a few days. The transmission mechanism is not
> entirely reliable and it is possible that messages will get lost (but if
> I do get the message I don't believe it will have any corrupt bits).

Even for a few days you need better than 56 bits of symmetric level security.
Any asymmetric system less than 112 bits will be marginal.  If secrecy is
really a concern, then 49 bits is already a major problem.

> Device assembly is outsourced and to avoid adding another step to
> the process I had hoped that with an asymmetric algorithm all the units
> could be programmed with the same public key (or set of public keys and
> in case a private key was compromised I could use the 13-bit message to
> have the device select another key (although the device would need to
> make sure that any 13-bit message was authentic). It would be difficult
> to get a new 1024-bit key to a device) but knowing that public key
> wouldn't allow an attacker to decrypt the messages coming from any of
> the other boxes.

Can you make the devices field programmable?  You could use a symmetric
key and go around to reprogram each box once a month.

But given the constraints as I've seen them here, you don't have enough
bits in your transmission to be secure at all.  Even a symmetric cipher
at 49 bits is brute-forceable in a matter of hours with a few machines.

Patience, persistence, truth,
Dr. mike

------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: DLL TripleDES and MD5 on Win32
Date: Thu, 19 Oct 2000 18:07:57 GMT

On Thu, 19 Oct 2000, Robert Hulme wrote:

> Hi,
>
> Could someone please help me - I'm having loads of trouble.
>
> I'm implementing a system where I'm using the mcrypt library with PHP on a
> Unix system to decrypt data stored in a database with TripleDES and
> passwords stored with the MD5 hash.
>
> The program that prepares the data though needs to run in Windows NT
> (Win32)... I'm using VB to write the application that manages and encrypts
> the data ready for going on the webserver. The problem I'm having is finding
> a DLL or some VB code that will encrypt with TripleDES and MD5. I can use
> mcrypt, but not on Win32 - there is a Win32 port of mcrypt - but it's a
> command line program - I need like a DLL or something to link to my program.

Why not then issue system calls? Run mcrypt.exe, trapping its input and
output streams.

> Free / GPLd software is really what I'm looking for - as one of the
> strengths of the current system is that it only uses GPLd software.
>
> Do you know of a DLL or any VB code that can do this?
> Cheers
> -Rob
> http://www.robhulme.com

==========
Daniel Léonard

OGMP Informatics Division  E-Mail: [EMAIL PROTECTED]
Département de Biochimie   Tel   : (514) 343-6111 ext 5149
Université de Montréal     Fax   : (514) 343-2210
Montréal, Quebec           Office: Pavillon Principal G-312
Canada H3C 3J7             WWW   : http://megasun.bch.umontreal.ca/~leonard


------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Which "password" is best.
Date: Thu, 19 Oct 2000 14:16:51 -0400


it could help ... draw your own conclusion ...

Frog2000 wrote:
===
> In picking a password, which one of
> the 2 below would you choose, and why? I am testing stream ciphers based on
> cellular transform methods.
>
> Password 1
> 0n~gv3,1=bBz&!LalIweDx(JQ$_\jN@u:O%X^t}p#SV?y]2T7GW+odYRc

57 ch long ...

> Password 2
> RrL?tJc_'A=an3V~$e(;:+vo@Tl24%yqm!\FSXKpz&DW^#5HIN

50 ch long ...
From: jungle <[EMAIL PROTECTED]>
Date: Thu, 19 Oct 2000 12:59:08 -0400
Newsgroups: comp.security.pgp.discuss
Subject: Re: How safe is PGP ?

The Producer wrote:
> On Thu, 19 Oct 2000 01:35:57 +0100, dsb wrote:
> 
> >Thanks for the fast reply, the 16 char passphrase, even if someone knows the
> >length, in theory, how long will it take a computer to decode it ?  (ps, I
> >will change the passphrase :)
> >I heard this could take hundreds of years (that's if Intel don't bring out the
> >P9 running at 9000mhz before next year hehe)
> >P9 running at 9000mhz before next year hehe)
> 
> Probably others will comment further, but it depends on what your password
> characters are and what your encryption needs are.  There are probably hundreds
> of web sites analyzing entropy, 

when using only lower case characters [ 26 in total ] in random sequence to
match MD5 & IDEA strengths you need pass to be not shorter than 28 characters
...

when you will introduce other features [ CAPITALS, 1234567890, !@#$%^& ...] the
one word pass could be much shorter ...


------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DLL TripleDES and MD5 on Win32
Date: Thu, 19 Oct 2000 08:23:09 +0200

Robert Hulme wrote:
> Do you know of a DLL or any VB code that can do this?

CryptPak. Where you can download it? - Good question.
Try altavista. (I've lost the URL as well)

/Ichinin

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: RSA codes
Date: Thu, 19 Oct 2000 19:01:59 GMT

In article <[EMAIL PROTECTED]>,
  stl/*This_is_a_comment*[EMAIL PROTECTED] (Stephan T. Lavavej) wrote:
> On Thu, 19 Oct 2000 11:53:29 GMT, Tom St Denis <[EMAIL PROTECTED]>
> wrote:
>
> >In article <8smm3b$op0$[EMAIL PROTECTED]>,
> >  [EMAIL PROTECTED] wrote:
> >> Just a small question. RSA relies on people not being able to work out
> >> the prime numbers that were used to generate the keys right? Well,
> >> can't we just adapt the knapsack solution to break the key down into
> >> its parts.
> >
> >Actually it relies on the difficulty of finding logarithms modulo
> >the composite.
> >
> >I fail to see how the "knapsack problem" applies...
> >
> >Tom
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
>
> Um, RSA relies on factoring, while DH relies on the discrete log
> problem, no?

Actually, Tom got this part right.  Breaking RSA can be done by
computing discrete logs modulo a composite.  This in turn is
polynomial time equivalent to factoring, i.e. if I can solve
for x given (say) g^x mod pq,  then I can find p,q in P-time.

DH relies on discrete log modulo a PRIME.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


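
The reduction Bob states, that a discrete-log solver modulo a composite yields its factors, carried out on a constructed toy modulus N = 101 * 113. This is an added example, not from the digest or from any poster: the "solver" inside it is brute force and only works at toy sizes, which is the point, while the reduction wrapped around it (ask the solver for a log that exposes a multiple of the order of a random base, then walk the square roots of that power down to a nontrivial square root of 1 and take a gcd) is the standard argument and does not depend on how the logs were obtained.

```python
# Added example (not from the digest): "if I can solve for x given g^x mod pq,
# then I can find p, q".  The modulus is a constructed toy; the discrete-log
# "solver" is brute force and stands in for any real solver mod a composite.
import math
import random

P, Q = 101, 113          # constructed toy primes
N = P * Q                # 11413


def discrete_log_oracle(g, y, n):
    """Smallest x with g^x == y (mod n), by brute force: toy sizes only."""
    acc = 1
    for x in range(n):
        if acc == y:
            return x
        acc = acc * g % n
    return None


def order_multiple(g, n, r, log=discrete_log_oracle):
    """Use the log solver to get a positive multiple of the order of g mod n.

    r is any exponent >= n (so r exceeds the order).  The solver returns the
    smallest x with g^x == g^r, hence g^(r-x) == 1 and r-x > 0.
    """
    x = log(g, pow(g, r, n), n)
    return r - x


def factor_from_order_multiple(g, k, n):
    """Square-root trick: given g^k == 1 (mod n), try to split n; None if this g fails."""
    t = k
    while t % 2 == 0:             # strip the factors of two: k = 2^s * t
        t //= 2
    a = pow(g, t, n)
    if a == 1:
        return None               # this base reveals nothing
    while True:                   # a, a^2, a^4, ... must reach 1 since g^k == 1
        b = a * a % n
        if b == 1:                # a is a square root of 1 mod n
            if a == n - 1:
                return None       # the trivial root -1, try another base
            p = math.gcd(a - 1, n)
            return p, n // p      # (a-1)(a+1) == 0 mod n with neither factor 0
        a = b


def factor_with_dl_solver(n, seed=7, tries=50):
    """Factor n using only the discrete-log solver plus the reduction above."""
    rng = random.Random(seed)     # seeded so the run is reproducible
    for _ in range(tries):
        g = rng.randrange(2, n)
        common = math.gcd(g, n)
        if common != 1:           # lucky base shares a factor with n
            return tuple(sorted((common, n // common)))
        k = order_multiple(g, n, rng.randrange(n, 2 * n))
        split = factor_from_order_multiple(g, k, n)
        if split:
            return tuple(sorted(split))
    return None


if __name__ == "__main__":
    print("factors of", N, "via the log solver:", factor_with_dl_solver(N))
```

Each random base fails only when the orders of g modulo p and modulo q have the same power of two in them, so a handful of tries is enough; that bound on the failure rate is what makes the reduction polynomial rather than just plausible.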

------------------------------

From: "George Gordon" <[EMAIL PROTECTED]>
Subject: Entropy and RC4
Date: Thu, 19 Oct 2000 15:22:08 -0700

Other people have asked similar questions here, but let me ask a very
specific one.

Assume that you initialise RC4 using a 128-bit key. Then you output exactly
16 bytes worth of the stream. (I don't care how many loops you do for the
initialisation)

OK, how could you determine how much of the entropy in the 128-bit key is
preserved in the 16 byte stream if  1) you assume RC4 specifically?  2) you
assume a perfectly uniform distribution?

Thanks for the help!

George






------------------------------

From: "norman" <[EMAIL PROTECTED]>
Subject: Re: DLL TripleDES and MD5 on Win32
Date: Thu, 19 Oct 2000 21:23:48 +0200

We have used "locknuts", a program from www.kewlstuff.co.za. It's not free,
but we have been very happy. Does all the stuff you ask.



Robert Hulme <[EMAIL PROTECTED]> wrote in message
news:39ef2913$[EMAIL PROTECTED]...
> Hi,
>
> Could someone please help me - I'm having loads of trouble.
>
> I'm implementing a system where I'm using the mcrypt library with PHP on a
> Unix system to decrypt data stored in a database with TripleDES and
> passwords stored with the MD5 hash.
>
> The program that prepares the data though needs to run in Windows NT
> (Win32)... I'm using VB to write the application that manages and encrypts
> the data ready for going on the webserver. The problem I'm having is finding
> a DLL or some VB code that will encrypt with TripleDES and MD5. I can use
> mcrypt, but not on Win32 - there is a Win32 port of mcrypt - but it's a
> command line program - I need like a DLL or something to link to my program.
>
> Free / GPLd software is really what I'm looking for - as one of the
> strengths of the current system is that it only uses GPLd software.
>
> Do you know of a DLL or any VB code that can do this?
> Cheers
> -Rob
> http://www.robhulme.com
>
>



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Which "password" is best.
Date: Thu, 19 Oct 2000 19:31:01 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (wtshaw) wrote:
> In article <8slnur$22d$[EMAIL PROTECTED]>, Tom St Denis
> <[EMAIL PROTECTED]> wrote:
>
> > In article <[EMAIL PROTECTED]>,
> >   "Frog2000" <[EMAIL PROTECTED]> wrote:
> > I have
> > tried to get some random-passwords generated.  In picking a password, which
> > one of the 2 below would you choose, and why?
>
> > > Password 1
> > >
> > > 0n~gv3,1=bBz&!LalIweDx(JQ$_\jN@u:O%X^t}p#SV?y]2T7GW+odYRc
> > >
> > > Password 2
> > >
> > > RrL?tJc_'A=an3V~$e(;:+vo@Tl24%yqm!\FSXKpz&DW^#5HIN
> >
> > Neither.
> >
> > Tom
> >
> The use of a password/passphrase is based on it being both obscure and
> rememberable.  The use of a 26 character permutation, an option for a
> constant sized string, could be based on a pangram, harvesting each
> different letter in order.

If you expect a user to remember a 26-char random looking string you are
nuts.  Your best bet is with a max of 15 char ASCII password (random)
such as something like "A1N2bbt5zmt591" which has about log2(26+26+10)*15
bits or 89.31 bits of entropy.

Even if you write that down in your wallet it's much better
than "123password" which is the limit of most people's memories.

Tom


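
Tom's 89.31-bit figure here and jungle's "28 lowercase characters" figure earlier in this digest are the same calculation, entropy per symbol times length, under the assumption that every symbol is chosen uniformly at random. The added example below (not from the digest, not either poster's code) does that calculation for a few alphabets, inverts it to get the minimum length for a target strength, and generates passwords with the `secrets` module so that the "random" in "random password" is the OS CSPRNG rather than a seedable PRNG.

```python
# Added example (not from the digest): entropy of a uniformly random password,
# the length needed for a target strength, and generation from the OS CSPRNG.
import math
import secrets
import string

LOWER = string.ascii_lowercase                   # 26 symbols
ALNUM = string.ascii_letters + string.digits     # 62 symbols, Tom's 26+26+10
PRINTABLE = ALNUM + string.punctuation           # 94 symbols


def bits_per_char(alphabet):
    """Entropy per character when each symbol is chosen uniformly at random."""
    return math.log2(len(set(alphabet)))         # set() guards against duplicates


def password_bits(alphabet, length):
    """Entropy of a `length`-character uniformly random password."""
    return bits_per_char(alphabet) * length


def min_length(alphabet, target_bits):
    """Smallest length at which a uniformly random password reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def generate(alphabet, length):
    """Uniformly random password; secrets.choice has no modulo bias and no seed."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"62 symbols, 15 chars: {password_bits(ALNUM, 15):.2f} bits")
    print(f"lowercase only, 128-bit target: {min_length(LOWER, 128)} chars")
    print(f"94 printable symbols, 128-bit target: {min_length(PRINTABLE, 128)} chars")
    print("sample:", generate(ALNUM, 15))
```

The figures only hold when the generator really is uniform; a password a person composed, or one drawn from a seeded PRNG, has less entropy than this formula reports, which is why `generate` uses `secrets`.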

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?
Date: Thu, 19 Oct 2000 19:32:30 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > In article <8sms8a$sno$[EMAIL PROTECTED]>,
> >   "Yonghan, Yoon" <[EMAIL PROTECTED]> wrote:
> > > What is Commercial Data Mask Facility?
> > >
> > > How to implement a 40-bit DES key?
> > >
> > >
> >
> > Why the heck would you use a 40-bit key?  That's like asking "can you
> > steal my messages".  Why not just not use a key at all?
>
> I can think of three reasons without particularly trying:
>
> 1) Newbie-level study of cryptanalytic techniques. This makes even a
> monoalphabetic sub or Vigenere cipher worth doing.

Why not then try to break 3-round DES instead of "DES with an insanely
short key"?  Personally the former seems much more challenging than the
latter.

> 2) An informal competition among friends.

CDMF coding is very old, nothing new.

> 3) 'Kid sister' cryptography (i.e. a not very threatening* threat
> model).

Why not just xor 0xAA against the plaintext?

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA codes
Date: Thu, 19 Oct 2000 19:34:59 GMT

In article <8sngf0$f1q$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   stl/*This_is_a_comment*[EMAIL PROTECTED] (Stephan T. Lavavej) wrote:
> > On Thu, 19 Oct 2000 11:53:29 GMT, Tom St Denis <[EMAIL PROTECTED]>
> > wrote:
> >
> > >In article <8smm3b$op0$[EMAIL PROTECTED]>,
> > >  [EMAIL PROTECTED] wrote:
> > >> Just a small question. RSA relies on people not being able to work out
> > >> the prime numbers that were used to generate the keys right? Well,
> > >> can't we just adapt the knapsack solution to break the key down into
> > >> its parts.
> > >
> > >Actually it relies on the difficulty of finding logarithms modulo
> > >the composite.
> > >
> > >I fail to see how the "knapsack problem" applies...
> > >
> > >Tom
> > >
> > >
> > >Sent via Deja.com http://www.deja.com/
> > >Before you buy.
> >
> > Um, RSA relies on factoring, while DH relies on the discrete log
> > problem, no?
>
> Actually, Tom got this part right.  Breaking RSA can be done by
> computing discrete logs modulo a composite.  This in turn is
> polynomial time equivalent to factoring. i.e. if I can solve
> for x given (say) g^x mod pq,  then I can find p,q in P-time.
>
> DH relies on discrete log modulo a PRIME.

Cool, see Bob I am learning something :-)

Hey Bob, can we bury the hatchet?  I know I make tons of mistakes but I
am trying to learn this while helping others.  When I make a mistake
please just send a "slap upside head" message with the corrections.
Hopefully I won't repeat the mistake... hehe.  I hope I can remain a
bit more "polite" in the future.

Tom



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: RSA codes
Date: Thu, 19 Oct 2000 19:39:26 GMT

Stephan T. Lavavej wrote:
> Tom St Denis wrote:

> >Actually it relies on the difficulty of finding logarithms modulo
> >the composite.

> Um, RSA relies on factoring, while DH relies on the discrete log
> problem, no?

I'd say "sort of" to both.  The RSA problem is finding roots
modulo a composite, when the root-degree is relatively prime
to the totient of the modulus.  It efficiently reduces to either
factoring or log modulo composite, but is not known to be
equivalent to either.


--Bryan



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
